Biometric Identification: More Flawed Than You Think

BarprintDreaming of a future in which you unlock your iPod with a retina scan? The Economist examines the weaknesses of biometric authentication (that is, IDing individuals by bodily traits such as their iris, fingerprint, etc.) Contrary to what many people assume, these methods of identifying people are quite fallible, here’s why:

Thanks to gangster movies, cop shows and spy thrillers, people have come to think of fingerprints and other biometric means of identifying evildoers as being completely foolproof. In reality, they are not and never have been, and few engineers who design such screening tools have ever claimed them to be so.

Authentication of a person is usually based on one of three things: something the person knows, such as a password; something physical the person possesses, like an actual key or token; or something about the person’s appearance or behavior. Biometric authentication relies on the third approach. Its advantage is that, unlike a password or a token, it can work without active input from the user. That makes it both convenient and efficient: there is nothing to carry, forget or lose.

The downside is that biometric screening can also work without the user’s co-operation or even knowledge. Covert identification may be a boon when screening for terrorists or criminals, but it raises serious concerns for innocent individuals. Biometric identification can even invite violence. A motorist in Germany had a finger chopped off by thieves seeking to steal his exotic car, which used a fingerprint reader instead of a conventional door lock.

Another problem with biometrics is that the traits used for identification are not secret, but exposed for all and sundry to see. People leave fingerprints all over the place. Voices are recorded and faces photographed endlessly. Appearance and body language is captured on security cameras at every turn. Replacing misappropriated biometric traits is nowhere near as easy as issuing a replacement for a forgotten password or lost key. In addition, it is not all that difficult for impostors to subvert fingerprint readers and other biometric devices.

Biometrics have existed since almost the beginning of time. Hand-prints that accompanied cave paintings from over 30,000 years ago are thought to have been signatures. The early Egyptians used body measurements to ensure people were who they said they were. Fingerprints date back to the late 1800s. More recently, computers have been harnessed to automate the whole process of identifying people by biometric means.

The biometrics industry has a vital role to play in these threatening times. But it would win broader acceptance if it paid greater attention to the concerns and cultural values of the people being scanned. And everyone would be better served if a good deal more was known about what it is, biologically, that makes each and everyone of us a unique human being.

, , ,

  • Wilson

    Most of these problems with the concept of biometric identification were identified years ago, See http://www.schneier.com/essay-019.html. But panic and the desire to prevent another 9/11 justified throwing money at the problem, and the industry is much more expensive than common sense and the deployment of alert observers. Furthermore, the high cost of false negatives has never been investigated, for example, getting locked out of your house because of a malfunction in the processing of the current image (for example, a stye in your eyelid prevents a sufficient iris image). The most creative use of the biometric programs has been the effective use of iris identification in the United Arab Emirates to screen OUT the undesirable/criminal element from the mass of law-abiding and peaceful travelers. See http://en.wikipedia.org/wiki/Iris_recognition for a brief description.

  • Wilson

    Most of these problems with the concept of biometric identification were identified years ago, See http://www.schneier.com/essay-019.html. But panic and the desire to prevent another 9/11 justified throwing money at the problem, and the industry is much more expensive than common sense and the deployment of alert observers. Furthermore, the high cost of false negatives has never been investigated, for example, getting locked out of your house because of a malfunction in the processing of the current image (for example, a stye in your eyelid prevents a sufficient iris image). The most creative use of the biometric programs has been the effective use of iris identification in the United Arab Emirates to screen OUT the undesirable/criminal element from the mass of law-abiding and peaceful travelers. See http://en.wikipedia.org/wiki/Iris_recognition for a brief description.

  • Liam_McGonagle

    Yeah, didn’t that show “Mythbusters” show conclusively and repeatedly that this stuff is pretty simple to thwart? And like several years ago? http://www.youtube.com/watch?v=lkvwhInv828

  • Anonymous

    Yeah, didn’t that show “Mythbusters” show conclusively and repeatedly that this stuff is pretty simple to thwart? And like several years ago? http://www.youtube.com/watch?v=lkvwhInv828

  • http://voxmagi-necessarywords.blogspot.com/ VoxMagi

    Hopefully by poking enough holes in these bogus techniques we can prevent another event like the infamous failure of lie detectors…which are so subjective and easily beaten that it defies credulity…but it took years before they proved to be ineffectual.

    • Word Eater

      and yet, lie detectors are still used by police forces all over the US to “eliminate suspects”

      • Alech

        I thought that they used tasers for that.

  • http://voxmagi-necessarywords.blogspot.com/ VoxMagi

    Hopefully by poking enough holes in these bogus techniques we can prevent another event like the infamous failure of lie detectors…which are so subjective and easily beaten that it defies credulity…but it took years before they proved to be ineffectual.

  • Word Eater

    and yet, lie detectors are still used by police forces all over the US to “eliminate suspects”

  • Alech

    I thought that they used tasers for that.

  • Hadrian999

    never fear, we have those mind reading machines on they way, I’m sure they’ll work…….

  • Hadrian999

    never fear, we have those mind reading machines on they way, I’m sure they’ll work…….

21